A certain degree of attention was paid to security problems in the early construction of information and network, firewall, anti-virus gateway, VPN, IDS/IPS, authentication, security audit and other equipments have been deployed to the enterprise network, a problem is that how to deal with security events generated by heterogeneous devices, the existing network technology and management lacks of good security monitoring of the raw data and analytical tools. Therefore, this paper constructed a unified network security monitoring and analysis system, a variety of standardized data from heterogeneous data sources representation and integration, and through correlation analysis, the security situation in forecasting techniques for data analysis and processing, to improve the accuracy of alarm and found that the potential threat of the network, predict the future trends in network security within a period of time, adjust the security policy to adapt to the dynamic and holistic network security requirements timely, which will change the network management from a passive attacks into active defense. |